How to Easily Harden Your Mail Configuration

Contrary to popular belief, cyber security is not an inherent part of SMTP (Simple Mail Transfer Protocol), which is why we implement email security solutions with features such as anti-spam and anti-malware to protect our users and networks. However, a hacker’s reach goes beyond spam and malware.

Hackers can spoof email addresses to make it seem like an email, at face value, is coming from a trusted, legitimate sender. They can even intercept and alter email messages in transit, so that the original message sent isn’t the message that the recipient receives.

So, what can you do to ensure that emails sent from your domain are legitimate and that the email message/content is not forged or altered?

There are two email authentication methods that can easily harden your mail configuration: SPF and DKIM. SPF (Sender Policy Framework) enables you to specify which IP addresses are associated with your domain. DKIM (DomainKeys Identified Mail) uses cryptographic keys to validate the authenticity of an email, letting inbound mail servers know that the email message was not forged or altered en route to you.

How do they work?

SPF (Sender Policy Framework)

You create an SPF record that identifies your mail servers via their IP addresses and then publish the SPF record to your domain’s overall DNS.

When an inbound mail server receives an email from your domain, it then checks the sending IP address against your domain’s DNS record. From there, the receiving mail server decides whether to accept, reject, or flag that email message.

DKIM (DomainKeys Identified Mail)

DKIM involves adding a cryptographic key to your domain’s DNS. When an email is sent out from your domain, a unique hash (or signature) is attached to the email header. Upon receipt, the receiving mail server will compare the hash in your email header against the key in your DNS.

If content in your email message is altered in any way in transit, the email header will generate a different hash (replacing the initial hash); when comparing the hash against the key in your DNS, the receiving server will determine that it is invalid.

Both SPF and DKIM use the TXT type of DNS record, making implementation simple, compared to the typically complex nature of cyber security configurations.

What about DMARC?

DMARC (Domain-based Message Authentication, Reporting and Conformance) is used along with SPF and/or DKIM. DMARC, like SPF and DKIM, involves adding a record to your DNS, indicating that you are using SPF and/or DKIM for authentication. It then gives the receiver instructions on what to do if they receive a message that failed authentication. Because DMARC relies on SPF and DKIM to check authentication, it cannot standalone.

Email is still the primary delivery method for malware and the easiest way for hackers to get into a network, as it exploits your weakest link, humans. Hardening your email configuration adds an additional layer of security and, hopefully, a little more peace of mind.